The Samba-Bugzilla – Attachment 14721 Details for
Bug 12164
wbinfo --group-info 'NT AUTHORITY\System' does not work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.8 and 4.9 cherry-picked from master
bug12164-v48,v49.patch (text/plain), 10.61 KB, created by
Ralph Böhme
on 2018-12-06 11:17:48 UTC
(
hide
)
Description:
Patch for 4.8 and 4.9 cherry-picked from master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2018-12-06 11:17:48 UTC
Size:
10.61 KB
patch
obsolete
>From 211abd8c6558fd6703fff051c6a5da521bd8b70c Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 27 Nov 2018 20:32:09 +0100 >Subject: [PATCH 1/5] selftest: test wbinfo -n and --gid-info with "NT > Authority" > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: David Mulder <dmulder@suse.com> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit c46b6b111e8adcd7cf029e5c3293cbdc471793db) >--- > nsswitch/tests/test_wbinfo.sh | 18 ++++++++++++++++++ > selftest/knownfail.d/samba.blackbox.wbinfo | 2 ++ > 2 files changed, 20 insertions(+) > create mode 100644 selftest/knownfail.d/samba.blackbox.wbinfo > >diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh >index 67660e50fc8..2ac83828a0e 100755 >--- a/nsswitch/tests/test_wbinfo.sh >+++ b/nsswitch/tests/test_wbinfo.sh >@@ -125,6 +125,24 @@ else > echo "success: wbinfo -n check for sane mapping" > fi > >+echo "test: wbinfo -n NT Authority/Authenticated Users" >+$wbinfo -n "NT Authority/Authenticated Users" >+if [ $? -ne 0 ] ; then >+ echo "failure: wbinfo -n NT Authority/Authenticated Users" >+ failed=`expr $failed + 1` >+else >+ echo "success: wbinfo -n NT Authority/Authenticated Users" >+fi >+ >+echo "test: wbinfo --group-info NT Authority/Authenticated Users" >+$wbinfo --group-info "NT Authority/Authenticated Users" >+if [ $? -ne 0 ] ; then >+ echo "failure: wbinfo --group-info NT Authority/Authenticated Users" >+ failed=`expr $failed + 1` >+else >+ echo "success: wbinfo --group-info NT Authority/Authenticated Users" >+fi >+ > testit "wbinfo -U against $TARGET" $wbinfo -U 30000 || failed=`expr $failed + 1` > > echo "test: wbinfo -U check for sane mapping" >diff --git a/selftest/knownfail.d/samba.blackbox.wbinfo b/selftest/knownfail.d/samba.blackbox.wbinfo >new file mode 100644 >index 00000000000..e294c2d3c15 >--- /dev/null >+++ b/selftest/knownfail.d/samba.blackbox.wbinfo >@@ -0,0 +1,2 @@ >+^samba.blackbox.wbinfo\(.*\).wbinfo -n NT Authority/Authenticated Users\(.*\) >+^samba.blackbox.wbinfo\(.*\).wbinfo --group-info NT Authority/Authenticated Users\(.*\) >-- >2.17.2 > > >From 3c946ed928c6a91c30297acf68709d58567661a1 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 28 Nov 2018 17:19:39 +0100 >Subject: [PATCH 2/5] libcli/security: add > dom_sid_lookup_is_predefined_domain() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> >Signed-off-by: Ralph Boehme <slow@samba.org> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: David Mulder <dmulder@suse.com> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1) >--- > libcli/security/dom_sid.h | 1 + > libcli/security/util_sid.c | 33 +++++++++++++++++++++++++++++++++ > 2 files changed, 34 insertions(+) > >diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h >index d9f4b3fc8a6..491fc0699f4 100644 >--- a/libcli/security/dom_sid.h >+++ b/libcli/security/dom_sid.h >@@ -74,6 +74,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid, > enum lsa_SidType *type, > const struct dom_sid **authority_sid, > const char **authority_name); >+bool dom_sid_lookup_is_predefined_domain(const char *domain); > > int dom_sid_compare_auth(const struct dom_sid *sid1, > const struct dom_sid *sid2); >diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c >index af04dff1325..531d3809565 100644 >--- a/libcli/security/util_sid.c >+++ b/libcli/security/util_sid.c >@@ -879,6 +879,39 @@ NTSTATUS dom_sid_lookup_predefined_name(const char *name, > return NT_STATUS_NONE_MAPPED; > } > >+bool dom_sid_lookup_is_predefined_domain(const char *domain) >+{ >+ size_t di; >+ bool match; >+ >+ if (domain == NULL) { >+ domain = ""; >+ } >+ >+ match = strequal(domain, ""); >+ if (match) { >+ /* >+ * Strange, but that's what W2012R2 does. >+ */ >+ domain = "BUILTIN"; >+ } >+ >+ for (di = 0; di < ARRAY_SIZE(predefined_domains); di++) { >+ const struct predefined_domain_mapping *d = >+ &predefined_domains[di]; >+ int cmp; >+ >+ cmp = strcasecmp(d->domain, domain); >+ if (cmp != 0) { >+ continue; >+ } >+ >+ return true; >+ } >+ >+ return false; >+} >+ > NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid, > const char **name, > enum lsa_SidType *type, >-- >2.17.2 > > >From f65998bc7450a784de25c706d00c4d3792b938f5 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 27 Nov 2018 17:32:09 +0100 >Subject: [PATCH 3/5] winbindd: add some braces > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: David Mulder <dmulder@suse.com> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit e0f784baeaa73096534d9a1ed941028d99f84ece) >--- > source3/winbindd/winbindd_util.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index f913d395575..b7248fa4311 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -1526,8 +1526,9 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name) > } > > if (strequal(domain_name, "BUILTIN") || >- strequal(domain_name, get_global_sam_name())) >+ strequal(domain_name, get_global_sam_name())) { > return find_domain_from_name_noinit(domain_name); >+ } > > if (IS_DC) { > struct winbindd_domain *domain = NULL; >-- >2.17.2 > > >From 6b7ddbd5497a0140916936d2ca832e45af7ccd9e Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 28 Nov 2018 17:20:41 +0100 >Subject: [PATCH 4/5] winbindd: fix predefined domains routing in > find_lookup_domain_from_sid() > >Route predefined domains through the BUILTIN domain child, not passdb. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> >Signed-off-by: Ralph Boehme <slow@samba.org> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: David Mulder <dmulder@suse.com> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit b512a58bbd7361cbbcf68f6713943377338fc2a1) >--- > source3/winbindd/winbindd_util.c | 27 ++++++++------------------- > 1 file changed, 8 insertions(+), 19 deletions(-) > >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index b7248fa4311..d3b3eaaa1ec 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -108,15 +108,6 @@ static bool is_internal_domain(const struct dom_sid *sid) > return (sid_check_is_our_sam(sid) || sid_check_is_builtin(sid)); > } > >-static bool is_in_internal_domain(const struct dom_sid *sid) >-{ >- if (sid == NULL) >- return False; >- >- return (sid_check_is_in_our_sam(sid) || sid_check_is_in_builtin(sid)); >-} >- >- > /* Add a trusted domain to our list of domains. > If the domain already exists in the list, > return it and don't re-initialize. */ >@@ -1475,20 +1466,18 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid) > sid_check_is_unix_groups(sid) || > sid_check_is_in_unix_users(sid) || > sid_check_is_unix_users(sid) || >- sid_check_is_wellknown_domain(sid, NULL) || >- sid_check_is_in_wellknown_domain(sid) ) >+ sid_check_is_our_sam(sid) || >+ sid_check_is_in_our_sam(sid) ) > { > return find_domain_from_sid(get_global_sam_sid()); > } > >- /* >- * On member servers the internal domains are different: These are part >- * of the local SAM. >- */ >- >- if (is_internal_domain(sid) || is_in_internal_domain(sid)) { >- DEBUG(10, ("calling find_domain_from_sid\n")); >- return find_domain_from_sid(sid); >+ if ( sid_check_is_builtin(sid) || >+ sid_check_is_in_builtin(sid) || >+ sid_check_is_wellknown_domain(sid, NULL) || >+ sid_check_is_in_wellknown_domain(sid) ) >+ { >+ return find_domain_from_sid(&global_sid_Builtin); > } > > if (IS_DC) { >-- >2.17.2 > > >From ce56c1d8132fe8dd86b7e9e18bc4725f7f7865fc Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 28 Nov 2018 15:39:21 +0100 >Subject: [PATCH 5/5] winbindd: Route predefined domains through the BUILTIN > domain child >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Without this eg "NT Authority" didn't work: > > $ bin/wbinfo -n "NT Authority/Authenticated Users" > failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND > Could not lookup name NT Authority/Authenticated Users > > $ bin/wbinfo --group-info="NT Authority/Authenticated Users" > failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for group NT Authority/Authenticated Users > >With the patch: > > $ bin/wbinfo -n "NT Authority/Authenticated Users" > S-1-5-11 SID_WKN_GROUP (5) > > $ bin/wbinfo --group-info="NT Authority/Authenticated Users" > NT AUTHORITY\authenticated users:x:10002: > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: David Mulder <dmulder@suse.com> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Ralph Böhme <slow@samba.org> >Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144 > >(cherry picked from commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd) >--- > selftest/knownfail.d/samba.blackbox.wbinfo | 2 -- > source3/winbindd/winbindd_util.c | 7 +++++++ > 2 files changed, 7 insertions(+), 2 deletions(-) > delete mode 100644 selftest/knownfail.d/samba.blackbox.wbinfo > >diff --git a/selftest/knownfail.d/samba.blackbox.wbinfo b/selftest/knownfail.d/samba.blackbox.wbinfo >deleted file mode 100644 >index e294c2d3c15..00000000000 >--- a/selftest/knownfail.d/samba.blackbox.wbinfo >+++ /dev/null >@@ -1,2 +0,0 @@ >-^samba.blackbox.wbinfo\(.*\).wbinfo -n NT Authority/Authenticated Users\(.*\) >-^samba.blackbox.wbinfo\(.*\).wbinfo --group-info NT Authority/Authenticated Users\(.*\) >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index d3b3eaaa1ec..5d4fca213e0 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -1504,6 +1504,8 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid) > > struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name) > { >+ bool predefined; >+ > if ( strequal(domain_name, unix_users_domain_name() ) || > strequal(domain_name, unix_groups_domain_name() ) ) > { >@@ -1519,6 +1521,11 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name) > return find_domain_from_name_noinit(domain_name); > } > >+ predefined = dom_sid_lookup_is_predefined_domain(domain_name); >+ if (predefined) { >+ return find_domain_from_name_noinit(builtin_domain_name()); >+ } >+ > if (IS_DC) { > struct winbindd_domain *domain = NULL; > >-- >2.17.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
slow
:
review?
(
jra
)
Actions:
View
Attachments on
bug 12164
: 14721